eData Deskbook—What Companies Need to Know About Ediscovery and Information Governance

June 05, 2018

Morgan Lewis recently published the latest edition of its eData Deskbook, a valuable guide for companies to prepare for, and respond to, requests or demands for their critical electronic information. The publication is an annotated best practices manual for electronic discovery and information governance.

Topics covered include information governance, data preservation and collection, and issues regarding spoliation and ediscovery sanctions. Consequently, the deskbook provides a practical reference for all lawyers—including both outside and in-house counsel—who are responsible for litigation and information governance. It is intended to help them become familiar with the rules, requisites, and best practices applicable to ediscovery, as well as the particular information governance landscape of the clients they serve.

Morgan Lewis’s eData practice delivers process innovation and efficiency across all of the discovery and information governance challenges our clients face. Using the best of technology and mobility, it has the global capacity to provide end-to-end discovery and information governance anywhere on the planet. The practice’s unique hybrid team of lawyers and technologists serves clients across a wide range of industries and practices. Their mission is to combine great lawyering with technology and process to deliver real efficiency and value to clients.    

Morgan Lewis partner Tess Blair, leader of the eData practice, recently discussed the eData Deskbook and some of the issues companies might face as they confront actual or potential discovery and information governance matters.

What is the history of the eData Deskbook and what are some of the new areas covered in this edition?

This is the third edition of the eData Deskbook, which was originally written and published in 2009. Each edition has been restructured to reflect changes in the law and practice since the prior edition. For example, our second edition was reorganized to mirror the Electronic Discovery Reference Model (EDRM), which has become the default process map for ediscovery. In this third edition, we added more substantive guidance in the “Information Governance” chapter, including new references to cybersecurity and data privacy in addition to records retention and information management. We show how to both protect data and how best to comply with local, state, and federal laws. We also just published a supplement covering the European Union’s new General Data Protection Regulation (GDPR), which is available through our GDPR Resource Centre. The guide will be incorporated into the next edition of the deskbook and will provide much more detailed content on the intersection of discovery with data privacy.

Who can most benefit from the deskbook?

Anyone who does business in the United States, including companies based outside of the United States, as well as any organization that could become involved in investigations, litigation or regulatory subpoenas, or requests for information. Our intended readership includes any company or its representatives who need a primer on the discovery process, practical guidance, and tips for addressing some of the most challenging aspects of managing complex discovery. It also incorporates citations and references to key case law and other authorities on specific legal issues that arise regularly in the discovery process. It should assist organizations in developing policies and practices in anticipation of any litigation and discovery actions. We are pleased that our book is filling a demand for information on these very contemporary issues facing most businesses, and we have distributed more than 5,000 copies since it was first published. We were also honored to have it selected as the required textbook for the University of Richmond School of Law’s Electronic Discovery course.

What are some of the major challenges companies face regarding electronic discovery?

The list is a pretty long one, and includes new technologies, social media, cloud repositories, the GDPR, and just the sheer volume of data that companies (and individuals) are now handling. What this comes down to is the fact that, in addition to understanding the legal landscape, organizations must be vigilant in updating policies and practices as they update technology. For example, whenever a company adopts a new technology, it must understand if the content could be subject to discovery. Social media is an obvious concern, but so are decisions such as whether to move infrastructure or software platforms to the cloud. This raises a number of different questions, such as how much and which data will be moved? What will this cost? Importantly, for our purposes, who controls the data? A company could outsource the storage and administration of its systems, which means that the host might have to handle ediscovery instead of the data owner. At the same time, cloud repositories create certain opportunities for businesses. The biggest challenge we all face is the sheer volume of data that we use and touch every day. We have tips in the book about all of these issues.       

What are some common mistakes companies make in this area?

Again, this is a pretty large list and a very important one. Some of the most common errors involve failing to preserve, failing to identify, and then failing to properly collect implicated data. Companies may also fail to take advantage of the negotiation or meet-and-confer process available to them, during which they have the best chance of defining and controlling the discovery process. Some also choose to select low-cost service providers to help them when they might realize better value and ultimately enjoy lower total costs by hiring providers who leverage advanced technology and their own robust process. It is quite a busy market with service providers of all shapes and sizes, and businesses should assure themselves of getting it done right.  

What are some best practices companies can follow regarding ediscovery and information governance?

The most important recommendation we would have is for them to engage in proactive management of data and systems before litigation strikes. We can help by conducting assessments whereby we evaluate a client’s infrastructure, policies, and procedures. We can assist clients in understanding how to prioritize their resources to put together a defensible process. In the long run, this will often prove to be very cost-effective.

A great place to start finding out about our services is to visit our eData practice page, where we detail our offerings and provide links to our lawyers and thought leadership. We also have made it easy to obtain the eData Deskbook, which is available in electronic and hard-copy form. Additionally, we invite anyone interested in the new requirements in force in the European Union to visit our GDPR Resource Centre.